Information, and digital information in particular, is at the heart of most organizations today. Regrettably, information systems are under constant threat, and precious data is often at risk of being corrupted, disclosed, or even stolen by an unauthorized party. The financial ramifications of these risks are too great to be ignored. Unfortunately, existing information security solutions are not able to provide a comprehensive solution enabling reliable and continuous protection against the existing threats that compromise organizational data.
The reliance upon the Internet for carrying different kinds of communications, both within the organization's networks and with the outside world (the public, remote sites, business partners, etc.), together with the introduction into the market and the proliferation of many sophisticated miniature storage devices (e.g., USB-attachable devices used as disks) and other advanced technologies, presents new security challenges. Most existing IT security solutions are essentially improvements of earlier solutions, and are based on the assumption that threats come from external sources (e.g., the Internet). Therefore, most present IT security solutions regard entities within the organization's network as "trusted", whereas entities outside the organization's network are regarded as "untrusted". The increasing number of threats that use simple means and methods to create backdoors into the internal organizational network is evidence of a fundamental weakness of the perimeter defense approach, which includes, for example, all existing gateway security products (e.g., firewalls, anti-virus, content inspection, IDS/IPS and other filters). Indeed, world-famous research groups recently estimated that over 80% of incidents breaching organizational information security originate from inside the organization itself (maliciously or due to lack of awareness); therefore, it is important to provide protection against both external threats and internal ones (e.g., employees, contractors, etc.), and to provide security personnel with a solution allowing them to effectively monitor activities involving computers in internal networks (for example, monitoring compliance with information security policies) and to enforce a security policy on these computers.
Attempts have been made to fill part of the security void described above. For example, some existing solutions rely on agent applications which must be installed on each device that is to be scanned and then managed on each device where they are installed. An agent-based solution requires that each computerized device which is to be allowed to communicate with the organization's networks have the appropriate agent application installed. The installations, whether automatic, semi-automatic or manual, require substantial human resources and may be quite time consuming. An agent installation on any number of servers and workstations may fail to operate without the failure being noticed, causing a severe and undetected security breach.
A different group of information security tools includes various vulnerability scanners. Vulnerability scanners are typically used to detect unnecessary or unauthorized services (such as open ports) and other vulnerabilities. Vulnerability scanners are normally not suitable for addressing all threats at the operating system level, nor threats which operate at the application level.
When attending to the potential security threats on the computerized devices within the organization's network, it is important to provide a relatively short turnaround time, so that if a potential threat develops or is created somewhere in the network, it is dealt with before any serious damage is caused. For those threats which can potentially cause great damage within a very short period of time, it is important to provide an efficient security solution with a very short turnaround time. The number of computerized devices which need to be checked is, in many cases, quite large, and the turnaround time of a centralized (agentless) solution according to the prior art may not be acceptable, even if the number of threats being addressed is rather small. If, between scan cycles, a computerized device is exposed to potential threats, the network is not reasonably protected from serious damage due to security breaches.
US Patent Application Publication No. 2005/0097199 allegedly discloses a method and a system for scanning network devices connected to a network by detecting the connection of a first network device to the network and performing a remote scan of the first network device in response to that detection. Publication '199 further allegedly discloses performing the scan without using agents. Publication '199 states that there are numerous drawbacks associated with a scanning technique based upon a periodic remote scan of networked computers to discover and repair security threats, and it is thus suggested to scan a networked computer in response to detection of the computer's connection or attachment to the network.